예제 #1
0
    def do_ps_ls(self, arg):
        '''
            Display all the files accessed by the specified process
            If you also want to filter on the file name, then use
            ps_cd to establish a process context then ls <file_name_filter>

            Examples:
            ps_ls <pid>
            ps_ls <descriptor address>
        '''

        if (self.sqlite_conn is None):
            sys.stderr.write(
                "Please load a database first with the load_db command\n")
            return

        arg = arg.strip()
        process_filter = ""

        if (arg):
            try:
                int(arg)
                process_filter = "WHERE pid = %s" % arg
            except ValueError:
                process_filter = "WHERE desc_address = '%s'" % arg
        else:
            sys.stderr.write(
                "Please specify a process PID or descriptor address\n")
            return

        cursor = self.sqlite_conn.cursor()

        resp = cursor.execute("SELECT id, pid, desc_address FROM process %s" %
                              process_filter).fetchall()
        for pRow in resp:
            '''
            This query accounts for both image loads + file i/o
            '''
            query = "SELECT name, COALESCE(op, ''), COALESCE(process.pid, ''), COALESCE(desc_address, ''), COALESCE(data, ''), \
            time FROM operation LEFT JOIN process ON target_p_id = process.id JOIN \
            resource ON r_id = resource.id WHERE target_p_id = %s AND type = 'F'  \
            UNION \
            SELECT name, COALESCE(op, ''), '', '', COALESCE(data, ''), \
            time FROM operation JOIN process ON p_id = process.id JOIN \
            resource ON r_id = resource.id WHERE p_id = %s AND type = 'F' AND target_p_id IS NULL ORDER BY time"                                                                                                                 % \
            (pRow[0], pRow[0])

            table = BeautifulTable(max_width=160)
            table.column_headers = [
                "Name", "Operation", "Target PID", "Target PID Descriptor",
                "Aux Data", "First Seen"
            ]
            for row in cursor.execute(query):
                table.append_row(row)

            print("\n")
            print(banner("Process %s (%s)" % (pRow[1], pRow[2])))
            print(table)
            print("Total:  %d\n" % len(table))
 def print_process_report(self, pid, descriptor, image, report_data):
     for data in report_data:
         if data[0] == Analyst.DATA_TYPE_PROCESS_INFO:
             print("%s\n" % data[1])
         elif data[0] == Analyst.DATA_TYPE_ANALYST_HEADING:
             print("\n")
             print(banner(data[1], "=", 80))
         elif data[0] == Analyst.DATA_TYPE_ANALYST_PROCESS_DATA:
             self.print_process_report(pid, descriptor, image, data[1])
         elif data[0] in [
                 Analyst.DATA_TYPE_TABLE_DATA,
                 Analyst.PROCESS_ANALYST_SCORES_TABLE
         ]:
             print(data[1])
             print("Number of results:  %s\n" % len(data[1]))
             print("\n")
         else:
             print(data[1])
예제 #3
0
    def do_ps_reqs(self, arg):
        '''
        Lists the process requests made by the specified process
        using the process PID or address descriptor.

        Note that if you use the PID, due to the
        OS possibly reusing the PID, you may get more than one process back

        Examples:
        ps_reqs 4608
        ps_reqs 0x00000073
        ps_reqs if already in a process context (using ps_cd)
        '''
        if (self.sqlite_conn is None):
            sys.stderr.write(
                "Please load a database first with the load_db command\n")
            return

        if not arg:
            if self.process_context:
                arg = self.process_context
            else:
                sys.stderr.write(
                    "Please specify a process id or descriptor address\n")
                return

        arg = arg.strip()
        process_filter = ""
        if (arg):
            try:
                int(arg)
                process_filter = "WHERE pid = %s" % arg
            except ValueError:
                #assume its a process descriptor
                process_filter = "WHERE desc_address = '%s'" % arg

        cursor = self.sqlite_conn.cursor()
        resp = cursor.execute(
            "SELECT id, desc_address, COALESCE(image,''), pid FROM process %s"
            % process_filter).fetchall()

        if not len(resp):
            sys.stderr.write("Invalid process pid, %s, specified\n" % arg)
            return

        table = BeautifulTable(max_width=160)
        for row in resp:
            table.column_headers = [
                "Time", "Operation", "Target PID", "Target Descriptor",
                "Target Image"
            ]

            initiating = cursor.execute(
                "SELECT time, data, pid, desc_address, COALESCE(image, '') FROM operation \
                JOIN process ON target_p_id = process.id WHERE p_id = %s AND op = 'PROCESS-ACCESS-REQ'"
                % row[0])
            for rowIni in initiating:
                table.append_row(rowIni)

            print("\n")
            print(banner("Process %s (%s)" % (row[3], row[1])))
            print("Image:  %s\n" % row[2])

            print("Operations Initiated By This Process:")
            print(table)
            print("Total:  %d\n" % len(table))
            table.clear()

            table.column_headers = [
                "Time", "Operation", "Initiator PID", "Initiator Descriptor",
                "Initiator Image"
            ]

            initiating = cursor.execute(
                "SELECT time, data, pid, desc_address, COALESCE(image, '') FROM operation \
                JOIN process ON p_id = process.id WHERE target_p_id = %s AND op = 'PROCESS-ACCESS-REQ'"
                % row[0])
            for rowIni in initiating:
                table.append_row(rowIni)

            print("\nOperations In Which This Process Is The Target:")
            print(table)
            print("Total:  %d\n" % len(table))
            table.clear()
예제 #4
0
    def do_ls(self, arg):
        '''
        List the file resources contained in the database.
        The returned files can be filtered by using globs.  Example:  ls *ntdll.dll*

        If in a process context (via ps_cd <pid>), shows only the file resources accessed by this process
        in addition to the type of access, i.e. READ, WRITE, etc.  You can also filter for specific files
        in this context using ls *NickVirus*
        '''

        if (self.sqlite_conn is None):
            sys.stderr.write(
                "Please load a database first with the load_db command\n")
            return

        if self.prompt == self.CONST_DEFAULT_PROMPT:
            query = "SELECT id, name, first_seen FROM resource WHERE type = 'F'"
            cursor = self.sqlite_conn.cursor()

            arg = arg.strip()
            if arg:
                query = "SELECT id, name, first_seen FROM resource WHERE type = 'F' AND name LIKE '%s'" % arg.replace(
                    "*", "%")

            try:
                table = BeautifulTable(max_width=160)
                table.column_headers = ["Resource Id", "Name", "First Seen"]
                for row in cursor.execute(query):
                    table.append_row(row)

                if not len(table):
                    sys.stderr.write("No file with name %s found\n" % arg)
                    return

                print(table)
                print("\n")
                print("Total:  %d\n" % len(table))

                if arg:
                    table.clear(True)
                    table.column_headers = [
                        "Time", "PID", "Process Descriptor", "Process Image",
                        "Target PID", "Target Descriptor", "Target Image",
                        "Operation", "Aux Data"
                    ]
                    for row in cursor.execute(
                            "SELECT time, p1.pid, p1.desc_address, COALESCE(p1.image, ''), \
                                COALESCE(p2.pid, ''), COALESCE(p2.desc_address, ''), COALESCE(p2.image, ''), op, COALESCE(data,'') \
                                 FROM operation JOIN process p1 ON p_id = p1.id LEFT JOIN \
                                 process p2 ON target_p_id = p2.id JOIN resource ON \
                                 r_id = resource.id WHERE name LIKE '%s'" %
                            arg.replace("*", "%")):
                        table.append_row(row)

                    if len(table):
                        print("Accessed by process(es) ...")
                        print(table)
                        print("\n")
                        print("Total:  %d\n" % len(table))
            except Exception as e:
                print(e)
                sys.stderr.write("Invalid file name specified")
        else:
            searchOnNameClause = ""
            arg = arg.strip()
            if arg:
                searchOnNameClause = "AND name LIKE '%s'" % arg.replace(
                    "*", "%")

            process_filter = ""
            try:
                int(self.process_context)
                process_filter = "WHERE pid = %s" % self.process_context
            except:
                process_filter = "WHERE desc_address = '%s'" % self.process_context

            cursor = self.sqlite_conn.cursor()

            resp = cursor.execute(
                "SELECT id, pid, desc_address FROM process %s" %
                process_filter).fetchall()
            for pRow in resp:
                '''
                This query accounts for both image loads + file i/o
                '''
                query = "SELECT name, COALESCE(op, ''), COALESCE(process.pid, ''), COALESCE(desc_address, ''), COALESCE(data, ''), \
                time FROM operation LEFT JOIN process ON target_p_id = process.id JOIN \
                resource ON r_id = resource.id WHERE target_p_id = %s AND type = 'F' %s  \
                UNION \
                SELECT name, COALESCE(op, ''), '', '', COALESCE(data, ''), \
                time FROM operation JOIN process ON p_id = process.id JOIN \
                resource ON r_id = resource.id WHERE p_id = %s AND type = 'F' AND target_p_id IS NULL %s ORDER BY time"                                                                                                                        % \
                (pRow[0], searchOnNameClause, pRow[0], searchOnNameClause)

                print("\n")
                print(banner("Process %s (%s)" % (pRow[1], pRow[2])))
                table = BeautifulTable(max_width=160)
                table.column_headers = [
                    "Name", "Operation", "Target PID", "Target PID Descriptor",
                    "Aux Data", "First Seen"
                ]
                for row in cursor.execute(query):
                    table.append_row(row)

                print(table)
                print("Total:  %d\n" % len(table))
예제 #5
0
from utils.utilities import parse_url, banner

menu = argparse.ArgumentParser(
    "\n[+] mmpublish scanner tool to exploit misconfigured mmpublish instances\n"
)
menu.add_argument("-u",
                  "--url",
                  help="[+] URL to scan\n",
                  required=True,
                  type=str)
menu.add_argument("--passfile", help="[+] file with passwords\n", type=str)
menu.add_argument("--userfile", help="[+] file with users\n", type=str)
args = menu.parse_args()

url = args.url
passfile = args.passfile
user_file = args.userfile

banner()
obj = Coffe(parse_url(url))
obj.is_alive()
obj.get_info_robots()
obj.find_dwr_view()
obj.find_dwr()
obj.get_groups()
obj.find_admin_path()
obj.brute_dwr_path()
obj.exploit_user_email()
obj.get_users_login()
obj.get_user_remind()
obj.all_users_remainders()